
Codesign fails only in GitHub Actions, succeeds in macOS terminal & Jenkins

I'm trying to set up a GitHub Actions workflow to perform a build on a macOS (10.15.7) system using a self-hosted runner. My Actions workflow for the build, including code signing, is as follows:

runs-on: [self-macos]

steps:
  - uses: actions/checkout@master
  - name: Build and Codesign
    env:
      KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
      KEYCHAIN_PATH: ${{ secrets.KEYCHAIN_PATH }}
      DEVELOPER_ID: ${{ secrets.DEVELOPER_ID }}
    run: |
      # Put the keychain on the user search list, then unlock it
      security list-keychain -d user -s "$KEYCHAIN_PATH"
      security unlock-keychain -p "$KEYCHAIN_PASSWD" "$KEYCHAIN_PATH"
      # Build script (includes the code-signing step)
      ./resources/compileExternalClasses.sh

Currently the code-signing part is failing with the errors below, only on Actions.

+ codesign -f -s '***' -v /Users/devadmin/actions-runner/_work/linux-driver/linux-driver/framework.app

error: The specified item could not be found in the keychain.
- script failed with code : 1
Running install script failed with exit code 1
build fail.
Error: Process completed with exit code 255.

In a terminal on the Mac runner system, building and code signing the same GitHub Actions workspace source code works without any issue.

Even through Jenkins the same source code works without issues.

The certificate is already installed on our Mac server, and the settings below are enabled for it in Keychain.

Trust - When using this certificate - Use System Defaults

Access Control - Allow all applications to access this item

The above issue occurs only in the GitHub Actions build. Please let me know what I'm missing on the Actions side.

The item specified in the "s" parameter is unavailable in the keychain.

For GitHub you have to import your certificates to the Keychain first.

The easiest way will be to use:

uses: apple-actions/import-codesign-certs@v1
with: 
  p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
  p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}

Full instructions on how to create proper secrets are here.

Remember that for self-hosted runners, you have to clean it up after each run:

- name: Clean up keychain and provisioning profile
  if: ${{ always() }}
  run: |
    security delete-keychain "$RUNNER_TEMP/app-signing.keychain-db"
    rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
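
The import the answer above delegates to an action can also be written out by hand, which makes it easier to see where the identity goes missing on a self-hosted runner. This step is an added example, not part of the original answers or of the action's own code. It assumes the secret names used on this page, creates the same `$RUNNER_TEMP/app-signing.keychain-db` that the cleanup step deletes, and uses a made-up step name and `P12_FILE` path.

```yaml
# Added example: manual equivalent of the import step for a macOS runner.
# Secret names are the ones on this page; P12_FILE is a hypothetical path.
- name: Import signing certificate into a temporary keychain
  env:
    P12_BASE64: ${{ secrets.CERTIFICATES_P12 }}
    P12_PASSWORD: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
    KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
    DEVELOPER_ID: ${{ secrets.DEVELOPER_ID }}
  run: |
    set -euo pipefail
    KEYCHAIN="$RUNNER_TEMP/app-signing.keychain-db"
    P12_FILE="$RUNNER_TEMP/signing-cert.p12"

    # Decode the certificate from the secret; never echo it to the log.
    printf '%s' "$P12_BASE64" | base64 --decode > "$P12_FILE"

    # Create and unlock a keychain that exists only for this job.
    security create-keychain -p "$KEYCHAIN_PASSWD" "$KEYCHAIN"
    security set-keychain-settings -lut 21600 "$KEYCHAIN"
    security unlock-keychain -p "$KEYCHAIN_PASSWD" "$KEYCHAIN"

    # Import the identity and allow only codesign to use the private key.
    security import "$P12_FILE" -P "$P12_PASSWORD" -f pkcs12 \
      -k "$KEYCHAIN" -T /usr/bin/codesign
    rm -f "$P12_FILE"

    # Without this, codesign triggers a keychain access prompt that a
    # headless job cannot answer.
    security set-key-partition-list -S apple-tool:,apple: -s \
      -k "$KEYCHAIN_PASSWD" "$KEYCHAIN" > /dev/null

    # Prepend to the search list of the user the runner runs as, keeping
    # the existing entries (assumes keychain paths without spaces).
    security list-keychains -d user -s "$KEYCHAIN" \
      $(security list-keychains -d user | tr -d '"')

    # Fail here, with a clear message, if the identity is not visible.
    if ! security find-identity -v -p codesigning "$KEYCHAIN" \
         | grep -F -- "$DEVELOPER_ID" > /dev/null; then
      echo "signing identity not found in $KEYCHAIN" >&2
      exit 1
    fi
```

Run it before the build step; if the `find-identity` check fails, the problem is the keychain visible to the runner's user session rather than the `codesign` invocation.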

With the help of this link, I copied the Apple developer certificate from the login keychain to the System list, and now my problem has been resolved.
